Configure Central Authentication Service (CAS)

Authentication

Many campuses use some kind of single sign on, such as JASIG's Central Authentication Service, or CAS. This guide
describes how to integrate Opencast into such a system.

Step 1

First, you need to edit the file etc/org.apache.karaf.features.cfg and add the opencast-security-cas to the
featuresBoot variable.

featuresBoot = ..., opencast-security-cas

Step 2

In a single-tenant deployment, your security.xml file is under OPENCAST_HOME/etc/security/mh_default_org.xml. In an
RPM/DEB based installation, it is located in /etc/opencast/security/mh_default_org.xml. You should make a backup copy
of the file and substitute it by the sample file named security_sample_cas.xml-example. In other words:

The sample file should be exactly the same as the default security file, except for the parts only relevant to the
CAS. If you have done custom modifications to your security file, make sure to incorporate them to the new file, too.

Step 3

Add the necessary configuration values to the CAS section of the new security file. The comments should be
self-explanatory.

You must modify several settings in the sample to point to your CAS server:

Authorization

Now the system knows all the information necessary to authenticate users against CAS, but also need some authorization
information, to tell which services the user is allowed to use and which resources is allowed to see and/or modify.

You will need to configure a UserProvider to look up users as identified by CAS.